I don’t get these at a PMC level.

Is anyone on the PMC tracking these security alerts? Shouldn't someone ensure that the EE4J projects are responding to these in a timely manner?

(Obviously ignore the "javaee" entries below.)

-------- Forwarded Message --------
Security alert digest
bshannon’s repository security updates from the week of Oct 23 - Oct 30

Known security vulnerabilities detected
  Dependency:      org.springframework:spring-core
  Version:         > 3.2.0 < 3.2.15
  Upgrade to:      ~> 3.2.15
  Vulnerabilities: CVE-2015-5211  High severity
                   CVE-2018-1270  High severity
                   CVE-2018-1275  High severity
                   CVE-2015-3192  Moderate severity
                   CVE-2016-5007  Moderate severity
                   View 3 more
  Defined in:      pom.xml

Known security vulnerabilities detected
  Dependency:      org.apache.axis:axis
  Version:         <= 1.4
  Vulnerabilities: CVE-2014-3596  Moderate severity
                   CVE-2018-8032  Moderate severity
  Defined in:      pom.xml

Known security vulnerabilities detected
  Dependency:      org.apache.axis:axis
  Version:         <= 1.4
  Vulnerabilities: CVE-2014-3596  Moderate severity
                   CVE-2018-8032  Moderate severity
  Defined in:      pom.xml

Known security vulnerabilities detected
  Dependency:      org.eclipse.jetty:jetty-server
  Version:         < 9.2.25.v20180606
  Upgrade to:      ~> 9.2.25.v20180606
  Vulnerabilities: CVE-2017-7657  Critical severity
                   CVE-2017-7656  Moderate severity
  Defined in:      pom.xml

Known security vulnerabilities detected
  Dependency:      org.eclipse.jetty:jetty-server
  Version:         >= 9.4.0 < 9.4.11.v20180605
  Upgrade to:      ~> 9.4.11.v20180605
  Vulnerabilities: CVE-2018-12538  Moderate severity
                   CVE-2018-12536  Moderate severity
                   CVE-2017-7656  Moderate severity
  Defined in:      pom.xml

Always verify the validity and compatibility of suggestions with your codebase.

_______________________________________________
ee4j-pmc mailing list
ee4j-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/ee4j-pmc